Embodiments of the present invention are directed to systems, apparatuses and methods for reducing fraud in transactions, and more specifically, to the detection of potential fraud in payment and other transactions by processing data derived from previous transactions in which a consumer used a credential or password to authenticate themselves. Embodiments of the invention may be used for multiple types of transactions, including, but not limited to, payment transactions such as eCommerce transactions in which a payment device is not presented to a merchant at the time of the transaction. Further, embodiments of the invention may be used to provide an indication of fraud in a real-time transaction processing environment, enabling issuers to take actions to reduce fraud prior to processing a transaction authorization message for a payment or other transaction. By detecting the possibility of fraud at an earlier stage of the transaction processing, the present invention can act to reduce the data processing and other network resources that would otherwise be applied to such transactions, as well as reducing losses that might otherwise occur if fraud was not detected until a later time.
Consumer payment devices such as debit cards or credit cards are used by millions of people worldwide to facilitate various types of commercial transactions. In a typical transaction involving the purchase of a product or service at a merchant location, the payment device is presented at a point of sale terminal (“POS terminal”) located at a merchant's place of business. A consumer may also initiate a payment transaction by providing payment data from a remote location to a merchant over a network such as the Internet. Transactions of this type are typically initiated using a computing device such as a personal computer or laptop computer. Transactions may also be initiated by using a mobile device such as a cell phone or personal data assistant (PDA) that communicates with a merchant or service provider directly or indirectly over a wireless network. Transactions in which the consumer is not in the same physical location as a merchant, and hence where a payment device is not physically presented to the merchant, are termed “card not present” (CNP) transactions.
Given the large number of transactions and amounts of money involved, the detection and prevention of fraud is an important consideration of any transaction processing system. In order to address this problem, payment processors and others involved in authorizing a transaction have developed data analysis tools designed to identify potentially fraudulent behavior within an individual account and over a set of transactions as a whole. These tools may be used as a form of transaction risk assessment to provide an issuer with an estimate or indicator of the risk associated with a proposed payment or other transaction. If the assessment indicates an unacceptable level of risk for a particular transaction, then the issuer can refuse or deny the transaction. This prevents the consumer from being able to complete the transaction with a merchant. Typically, the risk assessment is implemented in the form of rules, where if a transaction satisfies the conditions of a rule, it is considered to be a fraudulent transaction or one deserving of further scrutiny prior to being authorized.
Although present forms of transaction risk assessment provide a benefit to the parties involved in transactions, such transaction data processing tools do have disadvantages, particularly in terms of their use for real-time processing of transactions. For example, the data used to evaluate the potential for fraud in a transaction is typically obtained from a transaction authorization request message that is generated by a merchant or the merchant's data processing system. While this information is useful, there may be other information that is collected as part of the processing of certain types of payment or other transactions that can be used to determine if a proposed transaction is likely to be fraudulent. In addition, in some cases, more effective fraud deterrence may be obtained by providing a warning to issuers earlier in the processing of transaction data that a particular account is associated with previous fraudulent transactions or is considered to be a risk for conducting fraudulent transactions.
What is desired are a system, apparatus and method for reducing fraud in payment or other transactions, such as card not present transactions, by providing issuers with a warning that a transaction being processed for authorization is potentially fraudulent. Embodiments of the invention address these problems and other problems individually and collectively.